reviewing-pull-requests
Warn
Audited by Socket on Mar 21, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The core GitHub review workflow is purpose-aligned and mostly benign, but the skill is high-risk in operation because it processes untrusted PR/issue content while empowered to take write actions, creating indirect prompt-injection risk. The unverified `linear-cli` reference also weakens install/execution trust, though there is no direct evidence of malware or credential theft.
Confidence: 88%
Severity: 64%